Diffstat (limited to 'src/tipideed')
-rw-r--r-- | src/tipideed/responses.c | 25 | ||||
-rw-r--r-- | src/tipideed/tipideed.c | 19 |
2 files changed, 29 insertions, 15 deletions
diff --git a/src/tipideed/responses.c b/src/tipideed/responses.c
index 0d0840c..70dcddf 100644
--- a/src/tipideed/responses.c
+++ b/src/tipideed/responses.c
@@ -8,6 +8,7 @@
 #include <skalibs/types.h>
 #include <skalibs/buffer.h>
 #include <skalibs/strerr.h>
+#include <skalibs/stralloc.h>
 #include <skalibs/tai.h>
 #include <skalibs/djbunix.h>
 #include <skalibs/unix-timed.h>
@@ -37,7 +38,14 @@ void response_error (tipidee_rql const *rql, char const *docroot, unsigned int s
 {
 tain deadline ;
 tipidee_defaulttext dt ;
- char const *file = tipidee_conf_get_errorfile(&g.conf, docroot, status) ;
+ char const *file ;
+ size_t salen = g.sa.len ;
+ if (sarealpath(&g.sa, docroot) == -1 || !stralloc_0(&g.sa))
+ die500sys(rql, 111, docroot, "realpath ", docroot) ;
+ if (strncmp(g.sa.s + salen, g.sa.s, g.cwdlen) || g.sa.s[salen + g.cwdlen] != '/')
+ die500x(rql, 102, docroot, "docroot ", docroot, " points outside of the server's root") ;
+ file = tipidee_conf_get_errorfile(&g.conf, g.sa.s + salen + g.cwdlen + 1, status) ;
+ g.sa.len = salen ;
 if (!tipidee_util_defaulttext(status, &dt))
 {
 char fmt[UINT_FMT] ;
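Review bot: The two new failure exits at the top of response_error call die500sys and die500x with the same docroot, and if those helpers build their 500 answer by calling response_error again (they are not visible in this hunk), a docroot that fails sarealpath() or the prefix test fails again on re-entry and the process recurses instead of answering. This is worth confirming against the helpers' definitions. If it applies, leaving without re-entering the response path avoids it, for example `strerr_diefu2sys(111, "realpath ", docroot) ;` and `strerr_dief3x(102, "docroot ", docroot, " points outside of the server's root") ;`. The body of response_error continues past the end of this hunk.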
@@ -47,20 +55,27 @@ void response_error (tipidee_rql const *rql, char const *docroot, unsigned int s
 if (file)
 {
- int fd = open_read(file) ;
- if (fd == -1) strerr_warnwu3sys("open ", "custom error file ", file) ;
+ int fd ;
+ if (file[0] == '/')
+ {
+ char fmt[UINT_FMT] ;
+ fmt[uint_fmt(fmt, status)] = 0 ;
+ strerr_dief4x(102, "bad configuration: absolute path for custom ", fmt, " file: ", file) ;
+ }
+ fd = open_read(file) ;
+ if (fd == -1) strerr_warnwu3sys("open ", "custom response file ", file) ;
 else
 {
 struct stat st ;
 if (fstat(fd, &st) == -1)
 {
 fd_close(fd) ;
- strerr_warnwu3sys("stat ", "custom error file ", file) ;
+ strerr_warnwu3sys("stat ", "custom response file ", file) ;
 }
 else if (!S_ISREG(st.st_mode))
 {
 fd_close(fd) ;
- strerr_warnw3x("custom error file ", file, " is not a regular file") ;
+ strerr_warnw3x("custom response file ", file, " is not a regular file") ;
 }
 else
 {
diff --git a/src/tipideed/tipideed.c b/src/tipideed/tipideed.c
index b004782..b499b2a 100644
--- a/src/tipideed/tipideed.c
+++ b/src/tipideed/tipideed.c
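Review bot: In response_error (responses.c), the new `file[0] == '/'` test rejects only a leading slash, so a configured value containing `..` components, or a relative path that passes through a symlink, is still handed to open_read() and can resolve outside the server's root. If the intent is the containment this commit enforces for docroot, running the same sarealpath() and g.cwdlen prefix comparison on `file` before opening it would cover those cases. Otherwise a comment above the test would make the trust boundary explicit, such as `/* custom response files come from trusted configuration and are opened relative to the server's cwd */`. The rest of the `if (file)` block lies outside the hunk.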
@@ -195,18 +195,17 @@ static inline unsigned int indexify (tipidee_rql const *rql, char const *docroot static inline void get_resattr (tipidee_rql const *rql, char const *docroot, char const *res, tipidee_resattr *ra) { - static stralloc sa = STRALLOC_ZERO ; - sa.len = 0 ; - if (sarealpath(&sa, res) == -1 || !stralloc_0(&sa)) die500sys(rql, 111, docroot, "realpath ", res) ; - if (strncmp(sa.s, g.sa.s, g.cwdlen) || sa.s[g.cwdlen] != '/') + size_t pos = g.sa.len ; + if (sarealpath(&g.sa, res) == -1 || !stralloc_0(&g.sa)) die500sys(rql, 111, docroot, "realpath ", res) ; + if (strncmp(g.sa.s + pos, g.sa.s, g.cwdlen) || g.sa.s[pos + g.cwdlen] != '/') die500x(rql, 102, docroot, "resource ", res, " points outside of the server's root") ; { char const *attr = 0 ; - size_t len = sa.len - g.cwdlen + 1 ; + size_t len = g.sa.len - pos - g.cwdlen + 1 ; char key[len + 1] ; key[0] = 'A' ; key[1] = ':' ; - memcpy(key + 2, sa.s + 1 + g.cwdlen, sa.len - 1 - g.cwdlen) ; + memcpy(key + 2, g.sa.s + pos + 1 + g.cwdlen, len - 2) ; key[len] = '/' ; errno = ENOENT ; while (!attr) @@ -233,18 +232,18 @@ static inline void get_resattr (tipidee_rql const *rql, char const *docroot, cha nphprefix = tipidee_conf_get_string(&g.conf, key) ; if (nphprefix) { - char const *base = strrchr(sa.s + g.cwdlen, '/') ; + char const *base = strrchr(g.sa.s + pos + g.cwdlen, '/') ; if (str_start(base + 1, nphprefix)) ra->isnph = 1 ; } } } } - if (!ra->iscgi && !ra->content_type) { - ra->content_type = tipidee_conf_get_content_type(&g.conf, sa.s + g.cwdlen) ; - if (!ra->content_type) die500sys(rql, 111, docroot, "get content type for ", sa.s + g.cwdlen) ; + ra->content_type = tipidee_conf_get_content_type(&g.conf, g.sa.s + pos + g.cwdlen) ; + if (!ra->content_type) die500sys(rql, 111, docroot, "get content type for ", g.sa.s + pos + g.cwdlen) ; } + g.sa.len = pos ; } static inline void force_redirect (tipidee_rql const *rql, char const *fn) |
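Review bot: get_resattr now uses the tail of the global g.sa as scratch space, but nothing in the code records the invariants this depends on. The prefix test assumes the first g.cwdlen bytes of g.sa hold the server's working directory, and every pointer formed from `g.sa.s + pos` must be dead before `g.sa.len = pos` runs at the end of the function. A comment above `size_t pos = g.sa.len ;` would capture that, for example `/* g.sa[0..g.cwdlen) is the cwd; the realpath of res is appended at pos and dropped again before returning */`. The code between this hunk and the next is not shown, so it is worth checking that no early return skips the reset. response_error repeats the same save, append and restore sequence, which suggests a shared helper.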
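Review bot: The rewritten `die500sys(rql, 111, docroot, "get content type for ", g.sa.s + pos + g.cwdlen)` passes a pointer into g.sa to a helper that may reach response_error, which after this commit appends to g.sa through sarealpath(). If that append reallocates the buffer before the message is written, the argument refers to freed memory; the former private `static stralloc sa` could not be affected this way. die500sys is not visible here, so this needs confirming. If it applies, and assuming `res` does not itself point into g.sa, `die500sys(rql, 111, docroot, "get content type for ", res) ;` keeps the argument independent of the shared buffer.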